This invention relates to secure storage devices for connected computers. More specifically, this invention relates to a secure storage device which allows one computer to read and write information on a common storage media while a second computer may only read the information from the common storage media.
With the explosion of the Internet in commerce, security has become a great concern. The connection of computers to outside sources in order to provide information and data to the public or customers has created the risk that confidential information stored on these computers may be illegally or inadvertently accessed. Both the inadvertent exposure of such information and the vulnerability of such computers to malicious harm through the rewriting or destruction of data are barriers to increased use of the Internet.
Thus, the computer industry is struggling with Internet security issues. Current industry solutions are inadequate because they are based on the premise that computer Internet security problems may be solved in the same manner as in the past. However, the current solutions such as firewalls, encryption, generated "keys", etc. do not solve core issues inherent to the Internet such as continuous connectivity, the software mandate, and the need for one-way data transmission.
Continuous connectivity is the ability to access computing systems via a constant connection from the outside to the particular computing network such as a World Wide Web connection. Continuous connectivity is a problem recreated and exacerbated by the Internet because this problem was once solved in the 1980s by elaborate internal security systems. These internal security systems (which are still in use today) were designed and constructed to control access to files, networks and databases through granted privileges and work effectively for those computing environments because access is controlled to the computing environments. Individual accountability is established when a user accesses the computing environment. However, the Internet, by design, has no central authority to determine individual authority and therefore individual accountability on the Internet is either not required or it may be effectively masked. Consequently, continuous connectivity has now resurfaced as a paramount security problem that must be addressed.
The software mandate is the current approach by security solution providers to use software to solve computing security for the Internet. There have also been some attempts to use hardware devices such as cards and keys as an alternative to security software. These solutions require customers to carry identity devices and/or require them to install extra hardware. These requirements prove to be cumbersome and present a marketing barrier for wide dissemination of such devices. Use of ACLs (access control lists) is currently the most common method of computer security. This requires building and maintaining the lists, which are vulnerable to the limitations inherent with ongoing changes in the environment, normal maintenance issues and human error.
Another mechanism which does not require individual hardware is the use of a firewall to control the flow of information and only allow data to flow out of the interface to the outside. The firewall is typically filtering software that validates data requests to a network. Again, firewalls require someone to program the firewall, which provides a point in the network that could be hacked by software tools.
The inability to establish individual accountability coupled with the need for continuous connectivity makes software alone insufficient to solve these issues. No firewall or encryption software is ever entirely capable of securing information because such software may eventually be circumvented by other software.
Thus, there exists a need for a one-way data transmission method controlled by hardware which makes it physically impossible to transmit data in the opposite direction. There is also a need for a data storage/transmission device for which data can be written from one computer and read from a separate computer. There is a further need for a data storage/transmission device which provides a non-physical continuous connection between two computers while maintaining data exchange. There is also a need for a data storage/transmission device where data may be distributed to multiple distributed computers at the same time. Additionally, there is a need for a data storage/transmission device which provides computing security in open computing environments, such as the World Wide Web or Internet. There is a need for a data storage/transmission device which enables secure Business-to-Business computing. Finally, there is a need for a device that can be deployed easily with a connection for Read/Write (R/W) operations and a separate connection for just Read Only (R/O) capabilities.
These needs may be addressed by the present invention, one aspect of which is a secure storage system for protecting data exchanged between a first and second computer. Both the computers are capable of requesting the reading of data and the writing of data. The secure storage system includes an active connector capable of receiving data or sending data, coupled to the first computer. A passive connector capable of receiving data or sending data is coupled to the second computer. A disk controller is coupled to the passive connector. A disk electronics unit is coupled to the disk controller. A storage media having stored data written from the first computer is coupled to the disk electronics unit. The storage media allows the second computer to read the stored data but prevents data received from the passive connector from being written.
Another aspect of the present invention is a method of making data from a first computer available to a second computer while preventing alteration of the data. The method includes establishing an active data connection to the first computer. A passive data connection is established for the second computer. Data on a storage device is written from the first computer. Requests for writing data from the second computer are examined and access to the storage device from the second computer is restricted by preventing writing data from the second computer to the storage device.
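The examination step of this method can be illustrated with a short software model, added here as an example and not taken from the patent, whose device is a hardware unit. The port names, command set, block sizes and the `denied_count` audit counter are assumptions; the model goes slightly beyond the text by refusing every passive-side command that is not a known read-type operation, not only writes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model for illustration; names and command set are hypothetical. */
enum port   { PORT_ACTIVE, PORT_PASSIVE };
enum op     { OP_READ, OP_WRITE, OP_ERASE, OP_IDENTIFY };
enum status { ST_OK, ST_DENIED, ST_BAD_REQUEST };
#define BLOCKS     4
#define BLOCK_SIZE 16

static uint8_t  media[BLOCKS][BLOCK_SIZE]; /* the shared storage media */
static unsigned denied_count;              /* rejected passive requests, for audit */

/* Passive port is default-deny: only known non-modifying operations pass. */
static int permitted(enum port port, enum op op)
{
    if (port == PORT_ACTIVE)
        return 1;
    return op == OP_READ || op == OP_IDENTIFY;
}

/* buf holds BLOCK_SIZE bytes: the source for a write, the destination for a read. */
enum status handle(enum port port, enum op op, unsigned block, uint8_t *buf)
{
    if (!permitted(port, op)) {      /* checked before anything touches media */
        denied_count++;
        return ST_DENIED;
    }
    if (op == OP_IDENTIFY)
        return ST_OK;
    if (block >= BLOCKS)
        return ST_BAD_REQUEST;
    switch (op) {
    case OP_READ:  memcpy(buf, media[block], BLOCK_SIZE); return ST_OK;
    case OP_WRITE: memcpy(media[block], buf, BLOCK_SIZE); return ST_OK;
    case OP_ERASE: memset(media[block], 0, BLOCK_SIZE);   return ST_OK;
    default:       return ST_BAD_REQUEST;
    }
}

int main(void)
{
    /* Constructed sample records. */
    uint8_t rec[BLOCK_SIZE] = "catalog-rev-01", alt[BLOCK_SIZE] = "altered-record", out[BLOCK_SIZE];
    handle(PORT_ACTIVE, OP_WRITE, 0, rec);
    printf("passive write status: %d\n", handle(PORT_PASSIVE, OP_WRITE, 0, alt));
    handle(PORT_PASSIVE, OP_READ, 0, out);
    printf("passive read: %s (denied=%u)\n", (char *)out, denied_count);
    return 0;
}
```

Because the passive side is filtered by an allowlist, an unrecognised opcode is refused in the same way as a write or erase, and each refusal is counted so that tampering attempts can be reviewed.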
Another aspect of the present invention is a computing system for the secure exchange of data without data tampering. The system includes a first computing source having protectable data and an external data conduit. A second computing source is provided having an external data conduit. A secure storage device has an active connector and a passive connector. The active connector is coupled to the external data conduit of the first computing source and the passive connector is coupled to the external data conduit of the second computing source. The secure storage device includes a storage media which stores the protectable data and accepts writing of the protectable data from the first computing source and only reading of the protectable data by the second computing source.
It is to be understood that both the foregoing general description and the following detailed description are not limiting but are intended to provide further explanation of the invention claimed. The accompanying drawings, which are incorporated in and constitute part of this specification, are included to illustrate and provide a further understanding of the method and system of the invention. Together with the description, the drawings serve to explain the principles of the invention.